[SERVER-48268] Crash in Mongo shell with Data Lake
Created: 18/May/20  Updated: 01/Jul/20  Resolved: 01/Jul/20

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: 4.2.5
Fix Version/s: None

Type: Bug
Priority: Major - P3
Reporter: David Golub
Assignee: Mindaugas Malinauskas
Resolution: Won't Fix
Votes: 0
Labels: qexec-team
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Operating System: ALL
Sprint: Query 2020-06-29, Query 2020-07-13
Participants:

Description

One of our customers experienced a crash in the Mongo shell while attempting to run show collections against Atlas Data Lake.

Steps to Reproduce

We have been unable to reproduce this issue, but we have obtained a memory dump of the crash from the customer, and it is attached to MHOUSE-1204.

Expected Results

The command should either succeed (if the response is valid) or fail with an appropriate error message (if the response is corrupted).

Actual Results

The shell crashes.

Additional Notes

We don't know whether Atlas Data Lake is actually returning a corrupted response or if the Mongo shell is crashing despite a valid response. I opened the memory dump in Visual Studio, but it didn't provide any obvious answers as to what was wrong. I'm closing MHOUSE-1204 as Cannot Reproduce for now. If it turns out that debugging the shell reveals that ADL is in fact returning a corrupted response, please comment on MHOUSE-1204 as to the nature of the corruption and reopen the ticket so that we can fix the bug on our side. Thank you.

CC mark.benvenuto henrik.edin



 Comments   
Comment by Mark Benvenuto [ 18/May/20 ]

Symbols: https://fastdl.mongodb.org/win32/mongodb-win32-x86_64-2012plus-4.2.5.zip
Cmds: .sympath z:\tmp, .symfix+, .reload, .ecxr, k
(comma is not part of the command to enter)

Stack Trace

 # Child-SP          RetAddr           Call Site
00 (Inline Function) --------`-------- mongo!mongo::DataType::Handler<signed char,void>::unsafeLoad [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\base\data_type.h @ 70]
01 (Inline Function) --------`-------- mongo!mongo::DataType::unsafeLoad [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\base\data_type.h @ 153]
02 (Inline Function) --------`-------- mongo!mongo::ConstDataView::readInto [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\base\data_view.h @ 53]
03 (Inline Function) --------`-------- mongo!mongo::ConstDataView::read [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\base\data_view.h @ 62]
04 (Inline Function) --------`-------- mongo!mongo::BSONElement::type [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\bson\bsonelement.h @ 225]
05 (Inline Function) --------`-------- mongo!mongo::BSONElement::eoo [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\bson\bsonelement.h @ 243]
06 (Inline Function) --------`-------- mongo!mongo::BSONElement::{ctor}+0x5 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\bson\bsonelement.h @ 706]
07 (Inline Function) --------`-------- mongo!mongo::BSONObjStlIterator::operator+++0xd [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\bson\bsonobj.h @ 652]
08 000000ca`7abfb240 00007ff6`72d31bf7 mongo!mongo::mozjs::ValueReader::fromBSONArray+0x17b [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\scripting\mozjs\valuereader.cpp @ 233]
09 000000ca`7abfb3b0 00007ff6`72d7030f mongo!mongo::mozjs::ValueReader::fromBSONElement+0x5c7 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\scripting\mozjs\valuereader.cpp @ 102]
0a 000000ca`7abfbd50 00007ff6`72d5be79 mongo!mongo::mozjs::BSONInfo::resolve+0x21f [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\scripting\mozjs\bson.cpp @ 248]
0b 000000ca`7abfbee0 00007ff6`72f0db0c mongo!mongo::mozjs::smUtils::resolve<mongo::mozjs::BSONInfo>+0x39 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\scripting\mozjs\wraptype.h @ 222]
0c (Inline Function) --------`-------- mongo!js::CallResolveOp+0x85 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\nativeobject-inl.h @ 797]
0d (Inline Function) --------`-------- mongo!js::LookupOwnPropertyInline+0x394 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\nativeobject-inl.h @ 869]
0e (Inline Function) --------`-------- mongo!NativeGetPropertyInline+0x3eb [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\nativeobject.cpp @ 2398]
0f 000000ca`7abfbf20 00007ff6`731d8b2c mongo!js::NativeGetProperty+0x41c [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\nativeobject.cpp @ 2446]
10 (Inline Function) --------`-------- mongo!js::GetProperty+0x40 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\nativeobject.h @ 1629]
11 000000ca`7abfc060 00007ff6`73219eae mongo!js::GetProperty+0x6c [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\jsobject.h @ 821]
12 000000ca`7abfc0c0 00007ff6`7321a06b mongo!js::GetProperty+0x2be [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 4426]
13 000000ca`7abfc150 00007ff6`7321f40d mongo!GetPropertyOperation+0x15b [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 214]
14 000000ca`7abfc1e0 00007ff6`73227cb8 mongo!Interpret+0x3efd [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 2840]
15 000000ca`7abfd570 00007ff6`7321b2c5 mongo!js::RunScript+0x408 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 418]
16 000000ca`7abfd6f0 00007ff6`732170b5 mongo!js::InternalCallOrConstruct+0x345 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 490]
17 000000ca`7abfd7c0 00007ff6`72f24bcc mongo!js::Call+0x25 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 536]
18 000000ca`7abfd7f0 00007ff6`7321b1d4 mongo!js::fun_apply+0x38c [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\jsfunction.cpp @ 1245]
19 (Inline Function) --------`-------- mongo!js::CallJSNative+0x56 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\jscontext-inl.h @ 290]
1a 000000ca`7abfdd70 00007ff6`73221573 mongo!js::InternalCallOrConstruct+0x254 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 468]
1b 000000ca`7abfde40 00007ff6`73227cb8 mongo!Interpret+0x6063 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 3013]
1c 000000ca`7abff1d0 00007ff6`73218ed5 mongo!js::RunScript+0x408 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 418]
1d (Inline Function) --------`-------- mongo!js::ExecuteKernel+0x154 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 701]
1e 000000ca`7abff350 00007ff6`72fa54f3 mongo!js::Execute+0x1d5 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\vm\interpreter.cpp @ 733]
1f 000000ca`7abff400 00007ff6`72d607fb mongo!JS_ExecuteScript+0x63 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\third_party\mozjs-60\extract\js\src\jsapi.cpp @ 4763]
20 000000ca`7abff450 00007ff6`72d5ae4e mongo!<lambda_da447f14bf1d9d6fe2707b308a8da97b>::operator()+0x15b [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\scripting\mozjs\implscope.cpp @ 754]
21 000000ca`7abff5d0 00007ff6`72d63c60 mongo!mongo::mozjs::MozJSImplScope::_runSafely<<lambda_da447f14bf1d9d6fe2707b308a8da97b> >+0x5e [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\scripting\mozjs\implscope.cpp @ 481]
22 000000ca`7abff650 00007ff6`72d3ab44 mongo!mongo::mozjs::MozJSImplScope::exec+0x40 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\scripting\mozjs\implscope.cpp @ 769]
23 (Inline Function) --------`-------- mongo!mongo::mozjs::MozJSProxyScope::exec::__l2::<lambda_5eb055a9274d5f83f51404c3fe048d9d>::operator()+0x4e [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\scripting\mozjs\proxyscope.cpp @ 229]
24 (Inline Function) --------`-------- mongo!mongo::unique_function<void __cdecl(void)>::callRegularVoid+0x4e [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\util\functional.h @ 145]
25 000000ca`7abff6c0 00007ff6`72d3ba5e mongo!`mongo::unique_function<void __cdecl(void)>::makeImpl<<lambda_5eb055a9274d5f83f51404c3fe048d9d> >'::`2'::SpecificImpl::call+0x54 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\util\functional.h @ 154]
26 (Inline Function) --------`-------- mongo!mongo::unique_function<void __cdecl(void)>::operator()+0x16 [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\util\functional.h @ 109]
27 000000ca`7abff720 00007ff6`72d3d20c mongo!mongo::mozjs::MozJSProxyScope::implThread+0x2de [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\scripting\mozjs\proxyscope.cpp @ 386]
28 000000ca`7abff960 00007ff6`72d3d29c mongo!nspr::Thread::ThreadRoutine+0x2c [c:\data\mci\c14560478dc0f9ff0249eee442e9521e\src\src\mongo\scripting\mozjs\posixnspr.cpp @ 57]
29 (Inline Function) --------`-------- mongo!std::_Invoker_functor::_Call+0x9 [c:\program files (x86)\microsoft visual studio\2017\professional\vc\tools\msvc\14.16.27023\include\type_traits @ 16707566]
2a (Inline Function) --------`-------- mongo!std::invoke+0x9 [c:\program files (x86)\microsoft visual studio\2017\professional\vc\tools\msvc\14.16.27023\include\type_traits @ 16707566]
2b (Inline Function) --------`-------- mongo!std::_LaunchPad<std::unique_ptr<std::tuple<void * (__cdecl*)(void *),nspr::Thread *>,std::default_delete<std::tuple<void * (__cdecl*)(void *),nspr::Thread *> > > >::_Execute+0x9 [c:\program files (x86)\microsoft visual studio\2017\professional\vc\tools\msvc\14.16.27023\include\thr\xthread @ 238]
2c (Inline Function) --------`-------- mongo!std::_LaunchPad<std::unique_ptr<std::tuple<void * (__cdecl*)(void *),nspr::Thread *>,std::default_delete<std::tuple<void * (__cdecl*)(void *),nspr::Thread *> > > >::_Run+0x55 [c:\program files (x86)\microsoft visual studio\2017\professional\vc\tools\msvc\14.16.27023\include\thr\xthread @ 245]
2d 000000ca`7abff990 00007ff6`72cb5d99 mongo!std::_LaunchPad<std::unique_ptr<std::tuple<void * (__cdecl*)(void *),nspr::Thread *>,std::default_delete<std::tuple<void * (__cdecl*)(void *),nspr::Thread *> > > >::_Go+0x6c [c:\program files (x86)\microsoft visual studio\2017\professional\vc\tools\msvc\14.16.27023\include\thr\xthread @ 230]
2e 000000ca`7abff9d0 00007ffc`4aff0e72 mongo!std::_Pad::_Call_func+0x9 [c:\program files (x86)\microsoft visual studio\2017\professional\vc\tools\msvc\14.16.27023\include\thr\xthread @ 209]
2f 000000ca`7abffa00 00007ffc`4b9e7bd4 ucrtbase!thread_start<unsigned int (__cdecl*)(void *),1>+0x42
30 000000ca`7abffa30 00007ffc`4d08ced1 kernel32!BaseThreadInitThunk+0x14
31 000000ca`7abffa60 00000000`00000000 ntdll!RtlUserThreadStart+0x21

BSONObj
The actual BSON starts 8 bytes in and is supposed to have a length of 0x89 bytes. It appears that the BSON is corrupt and this causes the shell to crash.

0:006> db 0000027a`b6ad9da0 L200
0000027a`b6ad9da0  03 00 00 00 89 00 00 00-89 00 00 00 11 00 00 00  ................
0000027a`b6ad9db0  0f 00 00 00 dd 07 00 00-00 00 00 00 00 74 00 00  .............t..
0000027a`b6ad9dc0  00 10 6f 6b 00 01 00 00-00 03 63 75 72 73 6f 72  ..ok......cursor
0000027a`b6ad9dd0  00 5f 00 00 00 04 66 69-72 73 74 42 61 74 63 68  ._....firstBatch
0000027a`b6ad9de0  00 14 00 00 00 03 30 00-03 31 00 03 32 00 03 33  ......0..1..2..3
0000027a`b6ad9df0  00 03 34 00 00 12 69 64-00 00 00 00 00 00 00 00  ..4...id........
0000027a`b6ad9e00  00 02 6e 73 00 26 00 00-00 6c 65 67 69 73 6c 61  ..ns.&...legisla
0000027a`b6ad9e10  74 69 6f 6e 5f 64 61 74-61 2e 24 63 6d 64 2e 6c  tion_data.$cmd.l
0000027a`b6ad9e20  69 73 74 43 6f 6c 6c 65-63 74 69 6f 6e 73 00 00  istCollections..
0000027a`b6ad9e30  00 00 20 00 20 00 2f 00-96 99 31 cd 20 02 00 8c  .. . ./...1. ...
0000027a`b6ad9e40  01 00 00 00 8c 00 00 00-8c 00 00 00 11 00 00 00  ................
0000027a`b6ad9e50  0d 00 00 00 dd 07 00 00-00 00 00 00 00 77 00 00  .............w..
0000027a`b6ad9e60  00 10 6f 6b 00 00 00 00-00 02 65 72 72 6d 73 67  ..ok......errmsg
0000027a`b6ad9e70  00 39 00 00 00 6e 6f 74-20 61 75 74 68 6f 72 69  .9...not authori
0000027a`b6ad9e80  7a 65 64 2c 20 63 6f 72-72 65 6c 61 74 69 6f 6e  zed, correlation
0000027a`b6ad9e90  49 44 20 3d 20 31 36 30-30 33 31 61 38 33 31 66  ID = 160031a831f
0000027a`b6ad9ea0  61 37 34 35 35 64 63 31-31 38 31 65 32 00 10 63  a7455dc1181e2..c
0000027a`b6ad9eb0  6f 64 65 00 0d 00 00 00-02 63 6f 64 65 4e 61 6d  ode......codeNam
0000027a`b6ad9ec0  65 00 0d 00 00 00 55 6e-61 75 74 68 6f 72 69 7a  e.....Unauthoriz
0000027a`b6ad9ed0  65 64 00 00 69 00 74 00-98 99 0b cd 6c 03 00 80  ed..i.t.....l...
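
Added example, not part of the ticket or of MongoDB's code: a bounds-checked walk over the 0x89-byte span from the dump above, read as an OP_MSG reply (opCode bytes dd 07 = 2013), showing the kind of check that turns this crash into the error message the report asks for. `walk` and `check_op_msg` are hypothetical names, offsets are relative to the start of that span, and only the BSON types present in this reply (plus double and bool) are handled.

```python
import struct

# The 0x89-byte span that starts 8 bytes into the dump above, two dump rows per line.
MSG = bytes.fromhex(
    "8900000011000000 0f000000dd0700000000000000740000"
    "00106f6b000100000003637572736f72 005f0000000466697273744261746368"
    "00140000000330000331000332000333 00033400001269640000000000000000"
    "00026e7300260000006c656769736c61 74696f6e5f646174612e24636d642e6c"
    "697374436f6c6c656374696f6e730000 00")
FIXED = {0x01: 8, 0x08: 1, 0x10: 4, 0x12: 8}  # double, bool, int32, int64 value sizes

def walk(buf, pos, end, path):
    """Bounds-checked walk of the BSON document at buf[pos:end]; returns its size."""
    if end - pos < 5:
        raise ValueError(f"{path}: only {end - pos} bytes left at offset {pos}")
    (size,) = struct.unpack_from("<i", buf, pos)
    if size < 5 or size > end - pos:
        raise ValueError(f"{path}: length {size:#x} at offset {pos}, only {end - pos} bytes left")
    last = pos + size - 1  # index of this document's 0x00 terminator
    if buf[last] != 0:
        raise ValueError(f"{path}: missing terminator at offset {last}")
    p = pos + 4
    while p < last:
        kind, nul = buf[p], buf.find(b"\0", p + 1, last)
        if nul < 0:
            raise ValueError(f"{path}: unterminated field name at offset {p + 1}")
        child, p = f"{path}.{buf[p + 1:nul].decode('ascii', 'replace')}", nul + 1
        if kind in (0x03, 0x04):  # embedded document or array: recurse, bounded by parent
            need = walk(buf, p, last, child)
        elif kind == 0x02 and last - p >= 4:  # string: int32 length, then bytes incl. NUL
            n = struct.unpack_from("<i", buf, p)[0]
            need = 4 + n if n > 0 else -1
        else:
            need = FIXED.get(kind, -1)
        if need < 1 or need > last - p:
            raise ValueError(f"{child}: type {kind:#04x} unsupported or out of bounds at offset {p}")
        p += need
    return size

def check_op_msg(msg):
    """Return 'ok' or a description of the first framing or BSON error."""
    if len(msg) < 21 or msg[20] != 0 or struct.unpack_from("<i8xi", msg) != (len(msg), 2013):
        return "not a single-body OP_MSG of the declared length"
    try:
        walk(msg, 21, len(msg), "reply")
    except ValueError as exc:
        return str(exc)
    return "ok"
```

On these bytes `check_op_msg(MSG)` returns `reply.cursor.firstBatch.0: length 0x3003103 at offset 64, only 12 bytes left`. The outer lengths are all consistent, but each `firstBatch` element is typed 0x03 (embedded document) and is followed directly by the next element's type byte, so the document length is read from the following elements' headers.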
